Choosing the right SSL certificate
Choosing an SSL for an average user is a tough question. There are 150 SSL certificates. They all provide HTTPS-connection and high level encryption and support all popular browsers. However it doesn’t mean that a bank needs a simple SSL or that a blogger should buy premium protection.
SSL certificates can be divided into a few groups depending on their validation type, number of secured domains/subdomains, browser trust or CA brand. This article will help you select the right SSL certificate: all you need to know is the validation type and the number of secured domains/subdomains.
SSL certificates can be divided into 3 validation groups: DV (domain validated), OV (organization validated,) EV (extended validation).
DOMAIN VALIDATED CERTIFICATES
A Domain Validated certificate is considered an entry-level SSL certificate. It fits best for websites which have no need for high security such as blogs, personal, or business websites. A green padlock saying “Secure” is enough if visitors of the website don’t login or don’t buy anything.
Domain validated certificates only confirm that you have the right to use the domain. Visitors of websites with DV-certificates won’t see warning about insecure connection. Their personal data won’t be stolen by hackers because the certificate creates a secure HTTPS connection.
DV-certificate can be issued to both individuals and companies.
Visual indicators: a green padlock in the address bar.
DV SSL validation process: DV certificates are easy to obtain and can be issued quickly. The Certificate Authority will send you a verification email. The approval email typically can be sent to an administrative email, e.g. email@example.com. This email contains a unique link to approve the certificate and validate your domain ownership. You click on the link to validate and approve the certificate.
Most popular DV-certificate: Comodo PositiveSSL.
Downsides of using DV-certificates: We do not recommend DV-certificates for websites that need higher trust of visitors. The only verification check performed by CA is to ensure that the applicant owns the domain. No additional checks are performed to ensure it is a valid business entity. That is why DV-certificate on the website does not guarantee you can trust it in terms of your usernames, passwords, and credit card information.
E-commerce fraud is also a growing problem. Hackers use DV SSL’s for fake phishing websites which can be simple copies of real web stores. Customers who see a green padlock have no doubt that connection is secure. They enter passwords and commit payments. This way their personal data and money are stolen by hackers. In order to avoid risks, web stores and financial services have to use SSL certificates with the higher level of trust.
ORGANIZATION VALIDATED CERTIFICATES
We recommend to choose OV-certificate if your website has feedback or email sign-up forms and a client area. However, visitors of your website still do not pay/buy anything.
This type of certificates requires your organization to prove it is a legitimate business entity. This way there is no chance for hackers to get an organization validation SSL. With OV certificates visitors can be sure that the website belongs to a particular legitimate company. Their personal data and money won’t be stolen.
OV-certificates can be issued to companies only, not individuals.
Visual indicators:For this type of certificates the HTTPS and a padlock are displayed in the address bar of the user’s browser. Information about both domain and company will also be listed in the certificate. Company’s information incorporated in the сertificate will be also visible on the Site Seal.
Dynamic security seal is a special sign on a website protected by OV-certificate. Now it is the only way how OV SSL certificates differ from DV-certificates. When someone accesses your website, a dynamic security seal will display your company name and/or the current date and certificate validity. Visitors can click on a site seal to see additional verification information. This way they make sure that CA has really checked this organization and issued the OV-certificate.
With dynamic security sea your visitors will be sure that their personal data won’t be stolen and won’t leave your website. We strongly recommend to display a site seal on your website so that customers could get used to it. If hackers make a fake site identical to yours, they can’t place a site seal on it. Thus careful visitors will notice that a phishing website is not the real one.
OV SSL validation process: It takes 3-10 days to issue an organization validated certificate. In order to verify the existence of your organization, the Certificate Authority must be able to find it listed either in an official government database or a database such as Dunn & Bradstreet or Yellow pages. Besides, you will be asked to submit a few documents and answer a phone call from the CA. After that they will send you a verification email with the link to validate and approve the certificate. The approval email is typically sent to an administrative email, e.g. firstname.lastname@example.org.
Most popular OV-certificate: Thawte SSL Web Server.
Downsides of using OV-certificates: We do not recommend to use OV-certificates for e-commerce and government services. If you accept payments or personal data of your customers, we suggest extended validation certificates with a green address bar and company name in it. It creates the higher level of trust even for new or unskilled users.
Extended Validation SSL ceertificates
The EV-certificate is a good choice for websites where visitors pay or enter personal data. Higher trust of visitors is a must for web stores, banks, e-government websites, and financial services.
EV SSL offers the high level of trust with the green address bar which displays your company name. Even if a visitor is unskilled or has come to your website for the first time, a green bar will boost trust.
PayPal, one of the world's largest Internet payment companies, uses an extended validation certificate. Total amount of PayPal payments made everyday is about $315 million. If PayPal have used a domain validated SSL, hackers would be accepting payments on a phishing website e.g. PayPel.com.
One more example. Price comparison websites help users find items at the lowest price. However, people do not prefer the cheapest website because they know nothing about them and do not trust them. They are afraid that their money will be stolen. If there was an extended validation certificate with a green address, users would stay.
EV-certificates can be issued to companies only, not individuals.
Visual indicators: Users can see the green address bar, a company name, and the green padlock if the website is secured with an EV SSL certificate.
EV SSL validation process: It takes 10-14 days to issue an EV SSL. CA has to verify the existence of your organization. You will be asked to submit a few documents and answer a phone call from a CA. After that they will send you a verification email with the link to validate and approve the certificate. The approval email is typically sent to an administrative email, e.g. email@example.com.
Most popular EV SSL: Thawte SSL Web Server with EV.
→ If you own a blog, or a personal, business or news website where visitors do not enter their personal data or pay money, you need a DV SSL. Buy Comodo PositiveSSL
→ If visitors of your website enter personal information to login your client area or sign up for emails, you need an OV SSL. Buy Thawte SSL Web Server.
→ If you accept payments and collect personal data through your website, you need an EV SSL. Buy Thawte SSL Web Server with EV.
A domain name is your website name. It is the address where Internet users can access your website. In our case the domain is ispsystem.com. It is made of 2 parts: com, the top-level domain, and ispsystem, the second-level domain.
Subdomain is a part of a main domain. Our subdomains are e.g. my.ispsytem.com and doc.ispsystem.com
When you submit your request for a wildcard SSL, it is important to specify the level of the domain:
→ if you enter *.site.ru, a wildcard will secure third-level domains such as shop.site.ru, forum.site.ru, doc.site.ru etc. and it won’t secure fourth-level domains, e.g. *.shop.mysite.ru.
→ if you enter *.shop.mysite.ru, a wildcard will secure all fourth-level domains such as 1.forum.site.ru, 2.forum.site.ru, 3.forum.site.ru etc and it won’t secure fifth-level domains, e.g. *.1.shop.mysite.ru, or third-level domains *.site.ru
It means that if you need to secure both third-level and fourth-level domains, you should purchase two wildcard SSLs and enter correct levels of the domain to be secured.